FTP server on a window 2k3 server

Posted on 2004-09-09
Medium Priority
Last Modified: 2009-09-24
I am trying to setup FTP server to have users login to their home directrory when they access ftp. I have setup the ftp site to "isolate users using active directory" and set the home directory path in the active directory profile. I get the following error when trying to login to ftp:
530 user administrator cannot log in, home directory inaccessible.
Login failed.

What could I be missing here?
Question by:jlongjr
LVL 34

Expert Comment

ID: 12036898
What exactly did you set for your user accounts in Active Directory?

Dave Dietz

Author Comment

ID: 12043607
In active directory I have set for each user their home directory which resides on the ftp server. I have set, under the profile tab, connect h: to the unc path of the directory. I have shared the folder with the user and administrator.

Author Comment

ID: 12044174
Also when I login, from a workstation, the drive is mapped to the user’s home directory that is specified.
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.


Author Comment

ID: 12047303
Ok This is going to hurt. I found that you have to modify msIIS-FTPRoot and msIIS-FTPDir properties of the active directory user account, but I don't know how. I will do some more digging and keep this post updated.


Author Comment

ID: 12048121
On the 2003 server with active directory and the ftp server I type the following commands.
iisftp.vbs /SetADProp jlong FTPRoot D:\Users
iisftp.vbs /SetADProp bart FTPDir \jlong

here is the path of the directory

It says the properties were set but when I try to ftp into the server and login I still get home directory inaccessable.

Author Comment

ID: 12056132
I am just giving up. I have setup a standard ftp site and set the root as the d:\ and I will use windows folder security to allow or restrict access to specific areas.
Just a note: I have Novell Netware servers running in my environment and the home directory specified in the user’s properties “environment” is automatically the home directory when they ftp into the Netware server. It is set that way by default and it is nice. I think I am going to setup another Netware server instead of using this crappie windows server! All you have to do is load ftp on the Netware server and no configuration is needed. Really, it is that easy!

Accepted Solution

rifraf1 earned 2000 total points
ID: 12195243

I know how frustrating setting this up can be...  I also have an FTP server with FTP isolation through AD set up.  You were on the right track, but looks like there was one minor problem...

1)  Create the account and password in AD (e.g. username is "bob")
2)  Create the user's FTP directory (e.g. d:\inetpub\bob)
3)  Go to a command prompt
4)  Type:  iisftp /setadprop bob ftproot d:\inetpub
5)  Type:  iisftp /setadprop bob ftpdir bob

That's it...  Now when "bob" logs on, d:\inetpub\bob will be bob's root directory.

I hope this helps.


Expert Comment

ID: 12195299
Oh, and I heard there is supposed to be a snap-in for Active Directory which is supposed to list the FTP home directory in AD users, but I haven't found that one yet....  Why MS didn't include it as part of AD by default is beyond me.  I agree that it would be so much easier, and it just makes sense to include it by default.


Expert Comment

ID: 13757010

I followed your procedures and that got me a little farther but cuteFTP will still not connect.  Here is a copy of the log:

            *** CuteFTP 6.0 - build Dec 23 2004 ***

STATUS:>        Getting listing ""...
STATUS:>        Connecting to FTP server (ip =
STATUS:>        Socket connected. Waiting for welcome message...
            220 Microsoft FTP Service
STATUS:>        Connected. Authenticating...
COMMAND:>      USER aramirez
            331 Password required for aramirez.
COMMAND:>      PASS *****
            230 User aramirez logged in.
STATUS:>        Login successful.
            257 "/" is current directory.
STATUS:>        Home directory: /
            211 END
STATUS:>        This site supports features.
STATUS:>        This site supports SIZE.
COMMAND:>      REST 100
            350 Restarting at 100.
STATUS:>        This site can resume broken downloads.
            350 Restarting at 0.
            227 Entering Passive Mode (69,151,84,30,200,233).
STATUS:>        Connecting FTP data socket
            426 Connection closed; transfer aborted.
ERROR:>         Connection closed; transfer aborted.

I read somewhere else that ports 20 and 21 need to open?  I'm running on Small Business Server 2003.  How do I open port 20 IF that is the cause of this problem.  If not, any suggestions?  Thanks!

-- JW

Expert Comment

ID: 13764305
Hi JW,

Unfortunately, I don't use SBS2k3...  But from the log you posted, it appears as though you did successfully connect, but got booted upon attempting to transfer any data (the directory listing).

Just curious, but does your FTP server support passive mode?  Looks like you got booted upon attempting to connect to port 51433.  If your FTP server only supports active mode FTP, and your firewall blocks all ports not specifically opend by a running service, that would boot you as soon as you tried connecting to a port other than 20 or 21.  In active mode, 21 is used for FTP commands, and 20 is used for FTP data.

I'd recommend you check this out...  http://slacksite.com/other/ftp.html

Hope this helps.


ps. Just outta curiousity, can you connect to your FTP server via command prompt and performa a transfer/directory listing?  I would give this a shot just to eliminate the possibility of it being an issue with CuteFTP.  Also, when connecting via command prompt, make sure you find out if you are connecting via active or passive mode FTP.  If you connect via passive mode, and get booted, it may well just be an active vs. passive issue.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…
From store locators to asset tracking and route optimization, learn how leading companies are using Google Maps APIs throughout the customer journey to increase checkout conversions, boost user engagement, and optimize order fulfillment. Powered …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question